cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1266
Views
0
Helpful
3
Replies

FirePower 4150 / ASA code / Failover

t.stalder
Level 1
Level 1

Hello

It's all about failover.
We are running a couple of FirePower 4150 appliances at two different locations. They are not in cluster mode.
On top we run ASA code in Multiple Context Mode and with 20 Transparent Contexts. Active/Standby.

Setup:
Port-Channel 1 is used for Zone Traffic Inside and Outside (Subinterfaces, ie. Po1.2048 and Po1.3048)
Port-Channel 2 is used for Failover (2 Subinterfaces STATE and LAN)
Port-Channel 3 is used for Management Access

If I run "show failover" I see: "admin Interface management (10.9.200.34): Normal (Monitored)".
No other interface is monitored.
I guess it would make sense to monitor Port-Channel 1 as well.

Questions:
1. The FirePower appliance does not communicate to its mate, so Port-Channel 1 must be monitored on the ASA (Subinterface). Correct?
2. Does it make sense to monitor more than 1 Subinterface of Port-Channel 1?
3. I often read, that only the Inside Interface should be monitored. Why not Outside as well? (on our ASA-5555 VPN Gateways we do so.)
4. Does it even make sense to monitor Port-Channels for failover, as they provide redundancy anyway?

Any input is highly appreciated. Many Thanks.
Thomas

3 Replies 3

balaji.bandi
Hall of Fame
Hall of Fame

is the managment interface  part of - Port-Channel 3 is used for Management Access ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

t.stalder
Level 1
Level 1

The 1-Gbps Interface is only used to manage the Chassis.

Only the (virtual) ASA is managed through Port-Channel 3 (2 Ten-Gig Interfaces; little overkill).

 

Thomas

Peter Koltl
Level 7
Level 7

Subinterfaces are not monitored by default but I recommend you enable it for both Po1 subinterfaces with the monitor-interface command.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: